Path: utzoo!attcan!uunet!ncrlnk!ncrcae!hubcap!gatech!uflorida!haven!uvaarpa!hudson!bessel.acc.Virginia.EDU!gl8f
From: gl8f@bessel.acc.Virginia.EDU (Greg Lindahl)
Newsgroups: comp.mail.sendmail
Subject: Re: Non-root sendmail?
Message-ID: <756@hudson.acc.virginia.edu>
Date: 11 Nov 88 16:44:44 GMT
References: <164@heart-of-gold> <3031@haven.umd.edu>
Sender: news@hudson.acc.virginia.edu
Reply-To: gl8f@bessel.acc.Virginia.EDU (Greg Lindahl)
Organization: Dept. of Astronomy, University of Virginia
Lines: 24

In article <3031@haven.umd.edu> louie@trantor.umd.edu (Louis A. Mamakos) writes:
>sendmail runs as root for the rather obvious reason that it needs to bind
>a socket to a restricted port number (25 == SMTP). Before sendmail exec()'s
>any processes, it does a setuid() to UID 1, which is daemon. None of the
>virus processes running on our system ran as root; rather they ran as
>daemon.
>

Is there any reason why sendmail has to run as the same "daemon" which
owns the files generated by the "at" command?

This is unfortunate, because anyone who can break sendmail and get a
suid daemon shell can (according to a friend of mine) then generate an
"at" command and go edit the command file to have root execute the
command. This allows you to generate a root suid shell.

Shouldn't we be glad that our friendly virus didn't know this :-)

Why are these daemons the same?

-- greg
----------
Greg Lindahl                                     internet: gl8f@virginia.edu
University of Virginia Department of Astronomy   bitnet: gl8f@virginia.bitnet
"grad students don't need disclaimers; the department doesn't care what I think"
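
An added example, not part of the original post or of sendmail or at: a small audit for the condition the post asks about, where job files that a privileged runner will execute are owned by the same account a network-facing service drops to. The function name, the uid-to-name mapping and the temporary spool directory are constructed for illustration; on a real system the spool path and the service uids would be supplied by the administrator.

```python
import os
import stat
import tempfile


def audit_spool(spool_dir, service_uids):
    """Return (path, reason) findings for spool entries a service account could alter.

    spool_dir    -- directory whose job files a privileged runner executes
    service_uids -- {uid: name} of accounts that network-facing services drop to
                    (assumed input; nothing here is read from sendmail itself)
    """
    findings = []
    names = sorted(os.listdir(spool_dir))
    for path in [spool_dir] + [os.path.join(spool_dir, n) for n in names]:
        st = os.lstat(path)  # lstat: do not follow links planted in the spool
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink in spool"))
            continue
        if st.st_uid in service_uids:
            findings.append((path, "owned by service account " + service_uids[st.st_uid]))
        if st.st_mode & stat.S_IWOTH:
            findings.append((path, "world-writable"))
    return findings


def demo():
    """Constructed sample: a temporary spool holding one job file owned by the caller."""
    me = os.getuid()
    with tempfile.TemporaryDirectory() as spool:
        job = os.path.join(spool, "job.0001")
        with open(job, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(job, 0o600)
        # Case 1: the service account is the spool owner (the shared "daemon" case).
        shared = audit_spool(spool, {me: "daemon"})
        # Case 2: the service has its own uid (hypothetical "mailsvc"), so no overlap.
        separate = audit_spool(spool, {me + 1: "mailsvc"})
    return shared, separate


if __name__ == "__main__":
    for label, result in zip(("shared uid", "separate uid"), demo()):
        print(label, result)
```
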